CVE-2024-53382 — MEDIUM (4.9)

Q: How severe is CVE-2024-53382?

CVE-2024-53382 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-53382?

Check the references section above for vendor advisories and patch information. Affected products include: Prismjs Prism.

Vulnerability Description

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Prismjs	Prism	<= 1.29.0

Related Weaknesses (CWE)

CWE-94 CWE-79

References

https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660ExploitPatchThird Party Advisory
https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/pProduct
https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660ExploitPatchThird Party Advisory

FAQ

What is CVE-2024-53382?

CVE-2024-53382 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can...

How severe is CVE-2024-53382?

CVE-2024-53382 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-53382?

Check the references section above for vendor advisories and patch information. Affected products include: Prismjs Prism.